Report: PHP SuperGlobals are Vulnerable to Hackers

In the most recent Hacker Intelligence Initiative Report – “PHP SuperGlobals: Supersized Trouble”, Imperva analyses vulnerabilities found in the SuperGlobal parameters of the PHP platform, and finds that a multi-step attack requires a multi-layered application security solution. In addition to local and global scope variables, PHP has several predefined variables that are called SuperGlobals. These […]

PacketFence – Open Source Network Access Control (NAC) System

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with the Snort IDS and the Nessus vulnerability scanner; PacketFence can be used to effectively […]

SkipFish – Web Application Security Scanner

SkipFish is a fully automated, active web application security reconnaissance tool. Key Features: High Speed: Pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets. Ease of Use: Heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly […]

Metasploit Framework 3.3 Released

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in […]

Samhain – Host-Based Intrusion Detection System

The Samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used […]
